Collection Rule for event with source CertificationAuthority and ID 82 Rule

  • ID:  Microsoft.Windows.CertificateServices.CARole.6.3.CertSvcEvents.82
  • Description:  Certificate Services encountered an error loading key recovery agent certificates.
  • Target:  Certificate Service (2012 R2)
  • Enabled:  On Essential Monitoring

Overridable Parameters

Parameter Name Default Value Description Override
Priority 2  
Severity 2  

Run As Profiles

Name
Default

Alert Details

Message Priority Severity
AD CS Key Archival and Recovery High Critical

Rule Knowledgebase

Summary

Active Directory Certificate Services (AD CS) requires key recovery agent certificates, exchange (XCHG) certificates, and keys in order to support key archival. The functioning of key recovery agent certificates, XCHG certificates, and the cryptographic service providers (CSPs) needed to create them is critical to a public key infrastructure.

Causes
This rule does not contain any causes.
Resolutions

Use a version of Windows Server 2008 that supports AD CS key archival

Key archival is available only with certification authorities (CAs) that are installed on computers running the Windows Server 2008 Enterprise operating system or the Windows Server 2008 Datacenter operating system.

Confirm that the CA you are using is installed on a computer running Windows Server 2008 Enterprise or Windows Server 2008 Datacenter.

To identify the Windows edition:

  • Open an Explorer window, right-click Computer, and click Properties.

  • In the section titled Windows edition, confirm that one of the versions that support key archival is listed.

External References
This rule does not contain any external references.

See Also for Active Directory Certificate Services Management Pack


Downloads for Active Directory Certificate Services Management Pack

AZURE OPTIMIZATION ASSESSMENT GET STARTED
MIGRATION TO AZURE GET STARTED
SYSTEM CENTER MIGRATION TO AZURE GET STARTED
MIGRATION TO AZURE FOR SQL AND WINDOWS 2008 GET STARTED